PRO+ Premium Content/Information Security magazine

January/February 2010

Attackers zero in on Web application vulnerabilities

When users of link-sharing and discussion website MetaFilter detected malicious code transforming benign webpages into a drive-by attack platform, Matthew Haughey raced to fix the security flaw. Haughey, a programmer and Web designer who started the site in 1999, soon figured out the problem: a standard SQL injection attack targeting a poorly coded Web application that he built when the website first went live. It was his first Web application, and Haughey admits that it failed to filter out variables from the URL.

"Someone discovered it, exploited it, and wreaked havoc," says Haughey, recalling the incident, which took down parts of the website last year. "It took us about two days to plug up the holes on every page and make sure every read of every URL was safe."

Security experts say problems such as this are happening on websites all over the Internet at an alarming rate. Web application flaws account for more than 80 percent of the vulnerabilities discovered, according to the SANS Institute. In many cases, ...
